Need some (security/virus-related) advice.

wraith808:
If I had to guess, I'd say the odds are good that he paid $100 to a company that used teamviewer to remote connect in and (at least tried) to fix his computer, and that everything is fine and nothing was taken, and that you should simply ensure that teamviewer password is changed or teamviewer uninstalled, etc. and backup everything in a safe place as always, and keep a careful eye on bank and credit cards for the next 6-12 months.

That's not to say that there isn't a risk that everything else was taken -- just a reminder that most of the time things aren't as bad as we fear.
-mouser (December 11, 2017, 10:28 AM)
--- End quote ---

That was my first thought.  If he doesn't recognize the company, he could also reverse the charges, and change the card because of fraud.

IainB:
@ayryq: Hmm. Sounds fairly typical, and your Dad sounds like a typical unsuspecting potential victim. If they were claiming to be "Microsoft Support" or something, then that was probably a lie and thus probably a fraud was being committed. Classic.

Regardless, as well as the forensics, I would suggest subsequent file encryption for the (changed) passwords in the Password file, at least.

There are a couple of potential avenues I could suggest for this, findable via the DC Forum discussions/threads:
1. Frog Tea: (@f0dder seems to think this proprietary software is insecure; see below notes)
FrogTea (DCF discussion)
« on: 2012-10-06, 23:16:55 »
Quote
What is FrogTea? FrogTea is a free, Windows based, encryption utility which allows you to create a secure*, stand alone, self-decrypting HTML archive which may contain either html or plain text content. These self-decrypting archives may be decrypted on any device which has a javascript capable browser.
Copied from: FrogTea - DonationCoder.com - <https://www.donationcoder.com/forum/index.php?topic=32466.0>

--- End quote ---

However, @f0dder finds Frog Tea to be flawed as any kind of a properly secure approach and makes the point about this:
f0dder (DCF comment)
The reasons I listed against using FrogTea are pretty sound. If anything is absurd, it's that insistence that there's some merit in using an unmaintained, closed-source program with problematic encryption - while not philosophically untrue, it's about as ridiculous as insisting that it's better to wear pajamas in a blizzard than being naked.
Copied from: FrogTea - DonationCoder.com - <https://www.donationcoder.com/forum/index.php?topic=32466.0>

--- End quote ---

2.  fSekrit: (@f0dder's own proprietary software using AES encryption)
LATEST VERSION: fSekrit 1.40 shrinkwrapped!
https://www.donationcoder.com/forum/index.php?topic=20846.msg186778#msg186778
_____________________________________________________
fSekrit v1.40 change log:
http://f0dder.dcmembers.com/fsekrit/changelog.txt
________________________________
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*** Release History:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
version 1.40 - December 3, 2009 - 90kb/45.5kb
- fixed:  long-standing bug where failing to save changes when closing fSekrit
  with a modified document would cause fSekrit to exit, rather than notifying of
  error and let user attempt to save again.
- fixed:  saves are *finally* done properly, by saving to a temporary file and
  replacing the current file only when all the file writing business is done.
- added:  font selection dialog, no longer do you need to muck around with the
  registry to set another default font. The font is still not stored in your
  document, though, and is single global per-user registry setting.
- added: "portable" mode, which (for now) means it will not use %TEMP% to store
  its temporary editor executable, but instead store it in the same folder as
  the opened document. Registry is still used for font selection, though!
  To enable this feature, create a file called "fSekrit.portable" in the same
  folder as the document you want to function in portable mode.
- added: URLs are now recognized and turned into hyperlinks.
- fixed: Read-only notes should be a lot more sane - changed from confusing
  "make read-only" that half-worked to "Save As Read-only" that works :)
- fixed: Win9x and NT4 support has been broken since version 1.35. Release builds
  are now done with an older compiler toolchain, and 9x/NT4 support is back :)
----------
version 1.35 - December 23, 2007 - 100kb/50.5kb
- fixed:  file->export appends ".txt" instead of ".exe" if no extension given.
- fixed:  file->new now clears passphrase and read-only state.
- fixed:  menu items are now properly enabled/disabled depending on read-only
  state and whether text field is empty or not.
- added:  drag&drop support: you can now drop a text file onto the fSekrit
  window, and fSekrit will load the dropped file.
- added:  right-click popup menu with edit actions
- added:  redo support
- added:  unicode text support (only the note text, not filenames yet)
- added:  now everything sensitive is always wiped from memory after use,
  as far as it's possible (with the exception of the RichEdit control).
----------
version 1.3 - November 18, 2007 - 99.5kb/50.5kb
- added:  read-only notes, finally :)
- bugfix: changing key on unsaved document would crash
- bugfix: saving an empty document would crash
- bugfix: running fSekrit.exe (w/o embedded note) from a CD was unable to
  Save As because read-only file attribute wasn't cleared on destination.

This release was actually meant to be released on 15th October 2006, but
due to the phase of the moon and real-life work, got postponed for over a
year. Sorry.
----------
version 1.2 - September 15, 2006 - 98.5kb/50.0kb
- improved security a bit (randomized IV)
- fSekrit now saves without "flickering in and out of existence"!
- you can now specify a custom font. I haven't added a GUI setting for this,
  but it's tweakable from regedit. You can create fontface:string and
  fontsize:dword values under HKEY_CURRENT_USER\Software\flork.dk\fSekrit .
- import and export plain text
- win9x: now handles large encrypted notes
----------
version 1.1 - April 11, 2006 - 75.5kb/39.5kb
- bunch of misc. bugfixes
- added menu items for most functions (were already available through keyboard
  shortcuts)
- added edit->find
- internal preparation for unicode support and other goodies

PLANNED: secure file wipe, better process model (slightly safer and more
convenient), drag-and-drop encryption, unicode support, additional encryption
tools, and of course smaller filesize :)
----------
version 1.0 - January 31, 2006 - 76kb/39.0kb
 first public release.

--- End quote ---

ayryq:
Actually I think he'll be served perfectly well with a notebook with passwords written down. I love KeePass but I don't see my Dad dealing with such a system.

Stoic Joker:
Actually I think he'll be served perfectly well with a notebook with passwords written down. I love KeePass but I don't see my Dad dealing with such a system.-ayryq (December 11, 2017, 11:54 AM)
--- End quote ---

I've long been a fan of the phrase "The old ways are the best" ... Because it does rather frequently seem to prove true. However...

Given the many exploits currently in the wild - many of which have lengthy dormancy periods - it would probably be best to roll his machine back to a restore point prior to the incident before doing a thorough offline scan to ensure nothing is waiting until the coast is clear...or just quietly monitoring some C&C channel awaiting instructions.

ayryq:
Do you think a Windows 10 "refresh" would accomplish this?
